So that the client does not have the password and database name. And then (somehow?!?!) you should check the score in the php script to stop someone from sending bogus scores or spamming the database with lots of scores...

Sending an encrypted version of the score, and/or a hash of the score (with salt!) will make it much harder for someone to fake a score submission by hand. And use POST instead of GET or you'll Break The Internet.

Of course this doesn't protect you from someone decompiling the client and jimmying the high score before it's sent, but it's better than nothing.

Sending an encrypted version of the score, and/or a hash of the score (with salt!) will make it much harder for someone to fake a score submission by hand. And use POST instead of GET or you'll Break The Internet.

Of course this doesn't protect you from someone decompiling the client and jimmying the high score before it's sent, but it's better than nothing.

I'm sure you would but it's better than just sending the score as plain text.

Frankly I'm of the opinion that unless you can actually send a deterministic replay to the server that it can replay everything is going to be easily circumvented by decompilation. The question whether you feel it worth your time to do it properly or whether you can get by with manual moderation.

teh freehostia is not free!!!!! tisyas must pay $10 to get a domain name. is there another way? aso i tried the condition thing and even if I amde it false it still appeared

Please at least try to write in a readable manner. One simple reread would have made it. It is just easier for us (especially the non-english speakers) to gasp what you want. Also it's more likely to get sensible answers.

We've found by experience that people who are careless and sloppy writers are usually also careless and sloppy at thinking and coding (often enough to bet on, anyway). Answering questions for careless and sloppy thinkers is not rewarding; we'd rather spend our time elsewhere.

This quote might be a preconception, but if you had actually tried to sign in Freehostias "Chocolate" package, you would have found out, that you can use a subdomain under freehostia.org for free.

Frankly I'm of the opinion that unless you can actually send a deterministic replay to the server that it can replay everything is going to be easily circumvented by decompilation.

Agreed, in practice.

In theory, there are others even more secure solutions.For example, you could make the client just a video player, then run the ENTIRE GAME on the server, sending the rendered video of the game screen to the client, and sending back inputs to the server.There are of course less silly variants derived from this thing, including the possibility of having clients verify each other. (While a client is playing, have it re-play a pending highscore entry. If more than, say, 50 clients with different IPs all end up claiming the same score for that entry, allow it.)

Hmmm..security so how do i know if i implemented my game correctly with my mysql ? How does one go about testing something like that with out inviting hackers?

When i first started writing my server side i had security in mind so hopefully i wont have much trouble.My clients dont communicate with the mysql directly they have to go through a java application core server that acts as a messenger to mysql this is the same with my game servers.

If you know what question to ask i will be able to answer it the way i understand.seeing as i am relativley inexperienced i may not know all the correct java terminology

What i want to know is how do you work out what determines who is the best regarding a fighting game ?

How does one go about testing something like that with out inviting hackers?

Think of the normal ways to go around security and try to make sure the base is covered. Once that is done ask on a hacking forum if anyone has the knowledge to break your impenetrable website and you should get replies, hackers likes a challenge

java-gaming.org is not responsible for the content posted by its members, including references to external websites,
and other references that may or may not have a relation with our primarily
gaming and game production oriented community.
inquiries and complaints can be sent via email to the info‑account of the
company managing the website of java‑gaming.org